A Tech Blog on Communications, Energy, Location, Transportation and Logistics.

Search This Blog

Sunday, February 22, 2015

SIM Database Hack Gave U.S. and British Spies Access to Billions of Phones

As reported by Reuters: U.S. and British spies hacked
into the world's biggest maker of phone SIM cards, allowing them
to potentially monitor the calls, texts and emails of billions
of mobile users around the world, an investigative news website
reported.The alleged hack on Gemalto, if confirmed, would
expand the scope of known mass surveillance methods available to
U.S. and British spy agencies to include not just email and web
traffic, as previously revealed, but also mobile communications.

The Franco-Dutch company said on Friday it was investigating
whether the U.S. National Security Agency (NSA) and Britain's
GCHQ had hacked into its systems to steal encryption keys that
could unlock the security settings on billions of mobile phones.

The report by The Intercept site, which cites documents
provided by former NSA contractor Edward Snowden, could prove an
embarrassment for the U.S. and British governments. It opens a
fresh front in the dispute between civil liberties campaigners
and intelligence services which say their citizens face a grave
threat of attack from militant groups like Islamic State.

It comes just weeks after a British tribunal ruled that GCHQ
had acted unlawfully in accessing data on millions of people in
Britain that had been collected by the NSA.

A spokesman for GCHQ (Government Communication Headquarters)
said on Friday that it did not comment on intelligence matters.
The NSA could not be immediately reached for comment.The Intercept report (bit.ly/19E0KUK) said the hack
was detailed in a secret 2010 GCHQ document and allowed the NSA
and GCHQ to monitor a large portion of voice and data mobile
communications around the world without permission from
governments, telecom companies or users.

"We take this publication very seriously and will devote all
resources necessary to fully investigate and understand the
scope of such sophisticated techniques," said Gemalto, whose
shares sunk by as much as 10 percent in early trading on Friday,
following the report.The report follows revelations from Snowden in 2013 of the
NSA's Prism programme which allowed the agency to access email
and web data handled by the world's largest Internet companies,
including Google, Yahoo and Facebook.

SURVEILLANCEThe new allegations could boost efforts by major technology
firms such as Apple Inc and Google to make strong
encryption methods standard in communications devices they sell,
moves attacked by some politicians and security officials.

Leaders including U.S. President Barack Obama and British
Prime Minister David Cameron have expressed concern that turning
such encryption into a mass-market feature could prevent
governments from tracking militants planning attacks.

Gemalto makes SIM (Subscriber Identity Module) cards for
phones and tablets as well as "chip and pin" bank cards and
biometric passports. It produces around 2 billion SIM cards a
year and counts Verizon, AT&T Inc and Vodafone
among hundreds of wireless network provider customers.

The GCHQ spybase in the UK.

The Intercept, published by First Look Media, was founded by
the journalists who first interviewed Snowden and made headlines
around the world with reports on U.S. electronic surveillance
programmes.

It published what it said was a secret GCHQ document that
said its staff implanted software to monitor Gemalto's entire
network, giving them access to SIM card encryption keys. The
report suggested this gave GCHQ, with the backing of the NSA,
unlimited access to phone communications using Gemalto SIMs.

French bank Mirabaud said in a research report the attacks
appeared to be limited to 2010 and 2011 and were aimed only at
older 2G phones widely used in emerging markets, rather than
modern smartphones. It did not name the source of these
assertions.

Some analysts argued that if a highly security-conscious
company like Gemalto is vulnerable, then all of its competitors
are as well.

Gemalto competes with several European and Chinese SIM card
suppliers. A spokesman for one major rival, Giesecke & Devrien
of Germany, told Reuters: "We have no signs that something like
that happened to us. We always do everything to protect our
customers' data."But while security experts have long believed spy agencies
in many countries have the ability to crack the complex
mathematical codes used to encrypt most modern communications,
such methods remain costly, limiting their usefulness to
targeted hijacking of individual communications.

Google+ Badge

Follow by Email

About Me

I have more than 25 years of experience in development, design, and mobile communications products and technology. I also enjoy skiing, hiking, scuba, tennis, reading, traveling, foreign languages, and painting. I'm an active member of the National Ski Patrol (NSP) and volunteer my time at either Loveland Ski resort, or Ski Cooper.